Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 Ran by Kratos666 at 2014-12-14 21:46:39 Run:1 Running from C:\Users\Kratos666\Downloads\frst Loaded Profile: Kratos666 (Available profiles: UpdatusUser & Kratos666) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: HKLM\...\Policies\Explorer\Run: [3570475709] => C:\ProgramData\mswlw.exe [81249 2014-12-14] ( ()) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-3930421677-1584321131-3860223234-1002\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-3930421677-1584321131-3860223234-1002\...\Policies\Explorer: [HideSCAHealth] 0 SearchScopes: HKU\S-1-5-21-3930421677-1584321131-3860223234-1002 -> DefaultScope {FF857022-ADA0-4C74-8D7E-3D6C29B87085} URL = SearchScopes: HKU\S-1-5-21-3930421677-1584321131-3860223234-1002 -> {FF857022-ADA0-4C74-8D7E-3D6C29B87085} URL = FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK C:\ProgramData\mswlw.exe C:\Users\Kratos666\patch.exe C:\WINDOWS\SysWOW64\*.tmp Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v 3570475709 /f Reg: reg delete HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg query HKLM\SOFTWARE\Google\Chrome\Extensions /s Reg: reg query HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions /s CMD: type "C:\Users\Kratos666\AppData\Roaming\Mozilla\Firefox\Profiles\869b3nru.default\user.js" EmptyTemp: ***************** Processes closed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\ => Value not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully. HKU\S-1-5-21-3930421677-1584321131-3860223234-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully. HKU\S-1-5-21-3930421677-1584321131-3860223234-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully. HKU\S-1-5-21-3930421677-1584321131-3860223234-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-3930421677-1584321131-3860223234-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FF857022-ADA0-4C74-8D7E-3D6C29B87085}" => Key deleted successfully. "HKCR\CLSID\{FF857022-ADA0-4C74-8D7E-3D6C29B87085}" => Key not found. HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value deleted successfully. C:\ProgramData\mswlw.exe => Moved successfully. C:\Users\Kratos666\patch.exe => Moved successfully. "C:\WINDOWS\SysWOW64\*.tmp" => File/Directory not found. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v 3570475709 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg query HKLM\SOFTWARE\Google\Chrome\Extensions /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif update_url REG_SZ https://clients2.google.com/service/update2/crx HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk path REG_SZ C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx update_url REG_SZ https://clients2.google.com/service/update2/crx version REG_SZ 2014.7.8.23 ========= End of Reg: ========= ========= reg query HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif update_url REG_SZ https://clients2.google.com/service/update2/crx ref_count REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk path REG_SZ C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx update_url REG_SZ https://clients2.google.com/service/update2/crx version REG_SZ 2014.7.8.23 ========= End of Reg: ========= ========= type "C:\Users\Kratos666\AppData\Roaming\Mozilla\Firefox\Profiles\869b3nru.default\user.js" ========= user_pref("network.http.max-persistent-connections-per-server", 3); ========= End of CMD: ========= EmptyTemp: => Removed 476.1 MB temporary data. The system needed a reboot. ==== End of Fixlog ====